W32.Blaster.Worm If you have sudden problems with XP/2000 yesterday

  • Thread starter: fusioncat

Status
Not open for further replies.
Wa liao eh, my IT support call up 2day late morning to tell me to run LiveUpdate. says head office got 10+ PCs kena. when i was connecting to the internet this morning in my office, got liao!!! :angry: must be a busy day for him....... :faint:
 

Internet worm hits Windows users, crashes computers



An Internet worm that targets the latest versions of Microsoft's Windows operating system is spreading rapidly around the world.

The worm, known as "Blaster", "Love-San" or "MS-Blaster", triggers computer crashes and slows Web connections.



It specifically targets computers running Windows XP and Windows 2000.

Security analysts say the worm is unusual, as it does not spread via e-mail but through Web connections.

At least 124,000 computers using Microsoft's Windows software have been infected worldwide, according to a sample by Symantec's Security Response sensor network.

Though the origins of the virus are unknown, it is creating havoc for people using Microsoft operating systems.

"This virus is a virus that actually reboots your machine. You can be typing and all of a sudden a screen will come up and say, your machine will reboot in about five minutes, or ten seconds, and it starts counting down," said Adrian Duncan, Associated Press broadcast engineer.

Computers infected by Blaster scan the Internet looking for other machines running Windows that have an open security hole -- one that has not been "patched" or given a fix from Microsoft.

The worm then sends itself to those computers.

Although some corporate networks were slowed by the worm, no impact on overall Internet traffic was detected.

The worm surfaced on Monday in the US and quickly spread, taking advantage of a security hole discovered last month in Windows 2000, Windows XP, Windows NT, and Windows Server 2003 operating systems.

Patches for the hole, except for Windows NT 4.0, which the company no longer supports, were put online by Microsoft.

Both Microsoft and the US Department of Homeland Security have been warning about the loophole since mid-July.

But according to experts, many office and home users apparently failed to heed those warnings.

The worm crashes some systems and infects others, but otherwise does no damage, Microsoft said.

Experts say the worm is poorly written, but new variations of it could be more virulent.

The patch is available at www.microsoft.com/security.

*luckily i managed to download e patch within 1 mins time before my com auto reboot* :blah:
 

piangz me com oso got it.. thanks for the info on the patch guys.. my com's ok liao :)
 

so let's see... this worm spreads itself without a need for an infected file on the host computer, right?... all that it needs is an available network connection... :p
 

sehsuan said:
so let's see... this worm spreads itself without a need for an infected file on the host computer, right?... all that it needs is an available network connection... :p

Yeah, scary, ainit?
 

blurblock said:
Yup, you got it :P.....

Don't believe, just go to the directory c:\winnt\system32\ and look for the file msblast.exe

That is the file that is creating all the problems. ;).......

To clear it, go to symantec website to get the program or do the following:

start up the system in command prompt mode
use regedit and search for "msblast"
delete away that line in the registry.
go to c:\winnt\system32 and delete away msblast.exe

it's that simple ;).

whahahahahaha


It doesn't seem to work on win2k professional. But it does work on win2k server. I can't find msblast.exe in c:\winnt\system32 nor msblast in registry
 

StreetShooter said:
Yeah, scary, ainit?

reminds me of exactly why i avoided XP like the plague initially, because of the UPnP security flaw that www.grc.com picked up... :p
 

hey ... my Norton said it found the Msblast ... it prompt me every time i switch on my computer ... yesterday i already fix the virus and download the patch liao , but it seem tat the msblast still in my comp ... i located it and try to delete it, but was prompt tat file was denied access ...

HOW HOW HOW HOW ???? :cry:
 

West_ray said:
hey ... my Norton said it found the Msblast ... it prompt me every time i switch on my computer ... yesterday i already fix the virus and download the patch liao , but it seem tat the msblast still in my comp ... i located it and try to delete it, but was prompt tat file was denied access ...

HOW HOW HOW HOW ???? :cry:

Here:
Originally Posted by blurblock

Yup, you got it :P.....

Don't believe, just go to the directory c:\winnt\system32\ and look for the file msblast.exe

That is the file that is creating all the problems. .......

To clear it, go to symantec website to get the program or do the following:

start up the system in command prompt mode
use regedit and search for "msblast"
delete away that line in the registry.
go to c:\winnt\system32 and delete away msblast.exe

it's that simple .

whahahahahaha
 

oh i see .... but i still dun understand ... haha .. anyway the prob of msblast didnt really bothers me anymore ...
 

got the damn thing last night, killed it today. very nuisance.
 

what is the problem cause by this virus???
i suspect that i also because i on the pc in the morning to transfer some photo to school and the pc suddenly say that it is going to shut down the system in 1 minutes time with countdown.
i on the pc again and it show me the same problem...

Then i go to school and heard about the virus.
When i return home and the pc is back to normal.
Do i still need to download the patch to recover?
i very afraid that my photo kena deleted or what....
Heard that it spreads thru kazaa.
 

no worry jus install the patch from MS n get started.. if cannot solve then better think of changing OS :p

green_leaf said:
what is the problem cause by this virus???
i suspect that i also because i on the pc in the morning to transfer some photo to school and the pc suddenly say that it is going to shut down the system in 1 minutes time with countdown.
i on the pc again and it show me the same problem...

Then i go to school and heard about the virus.
When i return home and the pc is back to normal.
Do i still need to download the patch to recover?
i very afraid that my photo kena deleted or what....
Heard that it spreads thru kazaa.
 

fwah.
Freaking scary man.

All my friends kerna the virus liao, and they have been calling and SMS-ing me on how to remove the virus... sigh.

Luckily I patched all my systems yesterday night... heng ah.
 

ivor said:
Systems not affected by the W32.Blaster.Worm are Linux, Macintosh, OS/2, UNIX.

Time to switch OS. :D

Yep !.

I have 3 computers in my office. A Linux machine that is my 'main' workstation I do most tasks from, and two 'test' machines, a Mac G4 and an Athlon PC with XP.

The test machines are both dual head and I have Dell flat screens with dual DVI/VGA input. I have the pair of screens wired to the pair of machines and switch back and forth with the input select buttons. (And can thus run dual head on either, or one on both, etc. without changing cables around).

This particular morning both screens were on the G4, although the PC was running.
The PC talks when it POSTs. It spoke. Odd. Oh well, Windows crashed. I ignored it. About 5 minutes later it POSTed again. Odd. I still ignored it. The Mac was displaying a multicast video transmission of Deutsche Welle TV that was more interesting than a spontaneously rebooting PC. :-). I was doing my 'real' work on the Linux machine.

Then my wife rings and says their data security officer was running around the building trying to contain the effects of some new PC crashing worm. (My wife uses a Unix 'X-Terminal', she wasn't affected...)

Then I look at the Athlon PC, realize it's been infected and turn it off....
Left it that way until my Mac using offsider needed to test some Windows software. I let him de-blaster it :)

Fortunately for me, the Windows2k server that's in my 'server farm' was completely up to date with its patches, so it didn't get infected. (Not that I think anyone would have noticed if it had crashed :-). Our key services run on Unix machines. (Which are also kept up to date with patches).

Doesn't matter what OS you run, if you don't keep the patches up to date, some loser will take you down. Some OSs just require more patches than others. :D
 

i also experience svchost.exe error but it did not crash.

read from ST this morning:
"But it's not over: Blaster installs instructions in infected computers for an attack at midnight on Aug 16 on Microsoft's Windows Update website - the same site that offers a patch that users should download as protection."

What does this mean??
 

berryhappy, this means that you can set your computer's date to anywhen before august 15 and you won't be affected by the worm's blockade to windowsupdate.com
 

popeye said:
It doesn't seem to work on win2k professional. But it does work on win2k server. I can't find msblast.exe in c:\winnt\system32 nor msblast in registry


slight difference, depending on whether you are the "rebroadcaster" or the "transmitter" ..... transmitter will get Msblast.exe .... if you are dedicated as the rebroadcaster it will normally be a TFTP file in the name of TFTP00xx ...... whahahahaha ......

That's how it transmits "without" a need for a host .... actually, it still needs a host ;) .....
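
The indicators mentioned across the posts above (msblast.exe in the system directory, a registry entry containing "msblast", TFTP-named files, and the "access denied" on delete) gathered into one read-only check. This is an added example, not something posted in the thread; the function name `Find-BlasterArtifacts`, the choice of the Run autostart keys and the `TFTP*` file pattern are assumptions.

```powershell
# Added example: read-only check for the Blaster artifacts named in this thread.
# Nothing is deleted or changed. The function name is hypothetical.
function Find-BlasterArtifacts {
    param(
        # c:\winnt\system32 on Windows 2000, c:\windows\system32 on XP
        [string]$SystemDir = (Join-Path $env:SystemRoot 'system32')
    )
    $findings = @()

    # 1. The worm executable the thread points to
    $exe = Join-Path $SystemDir 'msblast.exe'
    if (Test-Path -LiteralPath $exe) {
        $findings += [pscustomobject]@{ Type = 'File'; Detail = $exe }
    }

    # 2. TFTP-named leftovers (pattern is an assumption; the thread gives only
    #    "TFTP00xx"). tftp.exe is the legitimate Windows TFTP client, so skip it.
    $tftp = @(Get-ChildItem -Path $SystemDir -Filter 'TFTP*' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'tftp.exe' })
    foreach ($f in $tftp) {
        $findings += [pscustomobject]@{ Type = 'File'; Detail = $f.FullName }
    }

    # 3. Autostart entries mentioning "msblast". The thread says only to search
    #    the registry; limiting the search to the Run keys is an assumption.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            if ("$name $value" -match 'msblast') {
                $findings += [pscustomobject]@{ Type = 'Registry'; Detail = "$key\$name = $value" }
            }
        }
    }

    # 4. A running copy keeps the file locked, which is one reason a delete
    #    can fail with "access denied" until the process is stopped.
    foreach ($p in @(Get-Process -Name 'msblast' -ErrorAction SilentlyContinue)) {
        $findings += [pscustomobject]@{ Type = 'Process'; Detail = "PID $($p.Id)" }
    }
    return $findings
}

Find-BlasterArtifacts | Format-Table -AutoSize
```

An empty result means none of these specific artifacts were found; it does not show that the RPC patch is installed.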
 

sehsuan said:
am i mistaken or what, does the worm spread itself to unpatched systems that are using NT/XP by itself without having a pre-infected file on the host system?

The worm spreads by RPC so you don't need to do anything to get infected! The first thing you should do is run the MS RPC patch.
This will prevent your machine from getting infected again. Then get the latest virus signature and reboot your machine.

You should set up your XP/2000 machines to automatically accept critical updates.
 
